Company Description

MedSec is exclusively dedicated to the unique challenge of medical device and healthcare cybersecurity. MedSec partners with medical device manufacturers and healthcare delivery organizations to help address cybersecurity in medical devices throughout all stages of the device lifecycle. With medical device manufacturers, MedSec leverages its cybersecurity expertise, coupled with its intimate knowledge of the healthcare regulatory and operating environments to offer support in design, architecture, verification, penetration testing, risk assessments, regulatory filings, and execution of security best practices in the development of new medical devices as well legacy systems. With Healthcare Delivery Organizations MedSec leverages its intimate knowledge of medical devices to offer software solutions for cybersecurity and asset management of connected medical devices in hospitals. MedSec is an active participant in helping move the cybersecurity healthcare community forward and participates in a number of standards and best practice committees involved in furthering cybersecurity for medical products.

Overview

MedSec is seeking a Consultant (FTE) that can help improve the security of medical devices through the delivery of threat models and threat modeling training for customers. MedSec Consultants work on complex systems, including custom embedded devices, desktop software applications, web applications, cloud backends, and mobile apps. Titles and compensation will be commensurate with experience.

Requirements

  • Expertise in security threat modeling and architecture
  • Strong problem-solving and analytical skills
  • Good understanding of systems-level security concepts
  • Good understanding of cryptographic primitives
  • Remain current in the latest security technologies, methodologies, and best practices, especially as it relates to threat modeling
  • In-depth knowledge of security concepts and design techniques relating to the cloud (AWS/GCP/Azure) as well as web applications, embedded IoT, client, and mobile applications
  • Excellent communication skills in English
  • Ability to write technical reports and other documentation
  • Ability to develop and deliver training
  • Ability to travel up to 25% to customer premises
  • Facilitate meetings with external customers/clients to iterate the threat model diagram.

Basic Qualifications

  • 5+ years of experience in security architecture
  • 5+ years of experience creating, maintaining, and reviewing threat models
  • In-depth knowledge of security concepts and design techniques relating to the cloud (AWS/GCP/Azure) as well as web applications, IoT, client, and mobile applications
  • Understanding of NIST or medical device regulations and standards is a plus but not required
  • Proficient in Office365 and threat modeling methodologies such as STRIDE